G3100 and Hairpin NAT (NAT loopback)
jonsmirl1
Enthusiast - Level 2

It is very annoying that the G3100 router does not have Hairpin NAT (NAT loopback) enabled. This is a common feature found on almost all routers including the G1100.

Hairpin NAT says that if I use the external IP to access the router from inside the LAN, then it should behave the same as if I had accessed the router from outside the LAN. That means apply the port forwarding and mapping to the request.

This is very annoying to me because I have an app on my phone that uses the external name for my network. This app works fine outside of the house. When I am inside the house the phone switches onto wifi. This causes the mobile app to stop working. Why? Because the mobile app is using the external name for the router and it is expecting port 443 to get forwarded. Since the G3100 does not have Hairpin NAT enabled the ports don't get forwarded and the app stops working.

This should not be happening. My mobile app should work the same whether it is external or internal to the network.  Please enable this feature on the G3100.

Reading around the forum I see other people experiencing similar issues without knowing what caused the problem.

Edit: I got my app working by moving to another port. A Reddit post clued me in that Hairpin NAT works on ports besides 80/443 on the G3100.

Re: G3100 and Hairpin NAT (NAT loopback)
Cang_Household
Community Leader

While it would be nice for the G3100 to have this feature, hairpin NAT is really kind of an unpopular protocol/feature.

The app/device responsible for sending an IP packet should determine whether the resource is on the same network or beyond the gateway. Always switch if you can, route is a secondary option.

What app are you using?

Re: G3100 and Hairpin NAT (NAT loopback)
jonsmirl1
Enthusiast - Level 2

I got my app working by moving to another port. A Reddit post clued me in that Hairpin NAT works on ports besides 80/443 on the G3100. I was using 443.

I suspect Verizon is using 443 for external router management, which is why I can't change it.

Why is this important? Because SSL certificates have the domain name in them. And you want to use that domain name internally so that the app won't error out with a certificate error.

Re: G3100 and Hairpin NAT (NAT loopback)
jonsmirl1
Enthusiast - Level 2

Update on this....

When terminating an Alexa Smarthome URL on your own server, Alexa does not allow you to change the port off from 443. So that means I had to figure out how to get the G3100 off from port 443. I finally figured out that router remote admin was enabled by default on port 443. If you go into the remote admin section of the router you can change that port to something else like 444. Then when you use normal http to access the router, the router will redirect you to the new port number so you don't have to remember it.

Now the router is not using port 443. Go back into port forwarding and forward 443 to your internal server. It will work correctly. Before moving the remote admin port you could set the port forward but it would have no effect.
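
An added example (not from the thread or from Verizon) for checking, from a device on the LAN, what answers on port 443 at the external name. It relies on the point made earlier in the thread that the certificate carries the domain name, so a fully verified handshake means the request reached the forwarded server. The verdict labels and the `home.example.net` placeholder are made up for this example.

```python
import socket
import ssl
import sys


def verdict(outcome):
    """Map a probe outcome (None on success, else the exception) to a finding."""
    if outcome is None:
        # Handshake verified: the listener holds a certificate valid for the name.
        return "forwarded"
    if isinstance(outcome, ssl.SSLCertVerificationError):
        # TLS answered, but not with a certificate valid for this name.
        return "cert-mismatch"
    if isinstance(outcome, ssl.SSLError):
        # The port is open but the handshake failed for another reason.
        return "not-tls"
    if isinstance(outcome, (ConnectionRefusedError, TimeoutError, socket.timeout)):
        return "no-answer"
    return "unreachable"  # DNS failure, no route, and similar


def probe(name, port=443, timeout=3.0):
    """Connect to name:port with full certificate and hostname verification."""
    ctx = ssl.create_default_context()  # verifies both chain and hostname
    try:
        with socket.create_connection((name, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name):
                return verdict(None)
    except OSError as exc:
        return verdict(exc)


if __name__ == "__main__":
    # home.example.net is a placeholder; pass your own external name.
    host = sys.argv[1] if len(sys.argv) > 1 else "home.example.net"
    print(host, probe(host))
```

Run inside the LAN, `cert-mismatch` means some other TLS listener holds the port, and `no-answer` means the request was not looped back to the server.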

Re: G3100 and Hairpin NAT (NAT loopback)
Cang_Household
Community Leader

Several points to make here:


@jonsmirl1 wrote:

When terminating an Alexa Smarthome URL on your own server, Alexa does not allow you to change the port off from 443.


I am not sure what "terminating an Alexa Smarthome URL on your own server" is.


@jonsmirl1 wrote:

I finally figured out that router remote admin was enabled by default on port 443.


Remote administration is disabled by default per safety precautions.

What you are looking for after all is only port forwarding? This is a different thing than NAT Hairpin.